Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Are there any recommendations or best practices for using Anti-virus with Hadoop servers?

Labels:
avatar
author-rank cspencer
Expert Contributor

Created ‎09-29-2015 03:55 PM

 
4,396 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank dkaiser author-rank
Contributor

Created ‎09-29-2015 06:31 PM

The best-practice is to avoid the use of active Anti-Virus (AV) systems that monitor access to the underlying disk systems being used for metadata storage by the following processes:

  • Apache Hadoop
    • HDFS Namenode
    • HDFS Datanode
    • YARN Resource Manager
    • YARN Node Manager
  • Apache Accumulo
  • Apache Flume
  • Apache HBase
  • Apache Kafka
  • Apache ZooKeeper

These processes store data structures only, and there is nothing stored by these processes that is executable by the underlying OS. As these processes can be very active, potentially performing continuous writes against large files, the best performance requires direct, unimpeded access to the underlying filesystem, and any AV system that traps filesystem calls will have a negative impact on Hadoop system performance.

Some sites choose to implement AV "scans" that run periodically (like a weekly scan) on clients, gateway and "edge node" systems where users & developers connect and run local processes. These scans do not interfere with cluster performance, but are important to safeguard the edge-connected systems that are the main clients of the cluster.

View solution in original post

2,949 Views
3 REPLIES 3

avatar
author-rank dkaiser author-rank
Contributor

Created ‎09-29-2015 06:31 PM

The best-practice is to avoid the use of active Anti-Virus (AV) systems that monitor access to the underlying disk systems being used for metadata storage by the following processes:

  • Apache Hadoop
    • HDFS Namenode
    • HDFS Datanode
    • YARN Resource Manager
    • YARN Node Manager
  • Apache Accumulo
  • Apache Flume
  • Apache HBase
  • Apache Kafka
  • Apache ZooKeeper

These processes store data structures only, and there is nothing stored by these processes that is executable by the underlying OS. As these processes can be very active, potentially performing continuous writes against large files, the best performance requires direct, unimpeded access to the underlying filesystem, and any AV system that traps filesystem calls will have a negative impact on Hadoop system performance.

Some sites choose to implement AV "scans" that run periodically (like a weekly scan) on clients, gateway and "edge node" systems where users & developers connect and run local processes. These scans do not interfere with cluster performance, but are important to safeguard the edge-connected systems that are the main clients of the cluster.

2,950 Views

avatar
author-rank jniemiec
Rising Star

Created ‎10-02-2015 03:56 PM

Just a note that YARN may need to execute things that are placed into its local cache on the NMs, its not purly a data storage. This is why you cant have directories that are YARN related mounted as NOEXEC in /etc/fstab...

2,949 Views
0 Kudos

avatar
author-rank drussell
Guru

Created ‎10-02-2015 04:12 PM

Sometimes, the requirement to have AV on the servers is unavoidable due to security policies that cannot be challenged. In that event, prepare for the need to add significantly more nodes, more memory and more cpus to get the same levels of performance.

2,949 Views
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements